Lets Go Phishing
It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune.
For example, take phishing. The concept is simple: Send an email disguised as a message from a bank, PayPal, or UPS. Wait for the user to click a link in the message, and enter their private details into a phishing site, and presto! The attacker attains financial or personal login details that can be used to commit fraud or theft.
Of course, it was only a matter of time before most people caught on to email scams. Users read again and again not to click on such links. Mail solutions became better at spotting phishing emails and filtering them into a junk email folder. Even free Web mail providers now catch the majority of these attacks.
Once cybercriminals noticed their traditional phishing approaches were returning lower response rates, they rapidly adjusted to new mediums. As a result, a new trend emerged: smishing (social media phishing) became the new trend in cyber attacks.
The underlying concept is the same, but the attack mechanism is different. Instead of targeting users via email, cybercriminals use social media messaging and advertising to lure their victims.
For hackers, it’s the perfect opportunity. They can cheaply buy lists of Facebook login details, hack into users’ accounts, and send personal-looking messages to an individual’s entire friend list. The majority of users are more trusting of a post from a friend than a suspicious email in their in-box, making smishing more effective at luring users to phishing sites.
Just remember: What you see is not always what you get, especially in the cyber world. When you receive a message or shared link from a friend, don’t assume it is actually from them. The attack vector is new, but our old advice still applies: Stop and think before you click.
03-27-2012 3:41 PM
If you would like to leave a comment, please either sign in or register to join us as a community member.